Merge pull request #1938 in SNORT/snort3 from ~KAMURTHI/snort3:TOR-Proxy to master

Squashed commit of the following:

commit 7885b4c4de8c5a6396aa29c839818e0732e718c0
Author: Kanimozhi Murthi <kamurthi@cisco.com>
Date:   Sun Jan 12 17:24:24 2020 -0500

    appid: detect payload for http tunnel traffic

diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc
index e2633ba2d12e68c410aecad7f6c4b0f0973b57c4..a7a1666c608fdabb24de909e4768033066fde16f 100644 (file)
--- a/src/network_inspectors/appid/tp_appid_utils.cc
+++ b/src/network_inspectors/appid/tp_appid_utils.cc
@@ -774,9 +774,13 @@ bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, I
                     // Handle HTTP tunneling and SSL possibly then being used in that tunnel
                     if (tp_app_id == APP_ID_HTTP_TUNNEL)
                         asd.set_payload_appid_data(APP_ID_HTTP_TUNNEL, change_bits);
-                    else if ((asd.payload.get_id() == APP_ID_HTTP_TUNNEL) &&
-                        (tp_app_id == APP_ID_SSL))
-                        asd.set_payload_appid_data(APP_ID_HTTP_SSL_TUNNEL, change_bits);
+                    else if (asd.payload.get_id() == APP_ID_HTTP_TUNNEL)
+                    {
+                        if (tp_app_id == APP_ID_SSL)
+                            asd.set_payload_appid_data(APP_ID_HTTP_SSL_TUNNEL, change_bits);
+                        else
+                            asd.set_payload_appid_data(tp_app_id, change_bits);
+                    }
 
                     AppIdHttpSession* hsession = asd.get_http_session();
                     hsession->process_http_packet(direction, change_bits);